14 matches found
CVE-2026-8011
Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
SHARP MFPs Out-of-Bounds Vulnerabilities (CVE-2024-42420)
Sharp and Toshiba Tec MFPs contain multiple out-of-bounds read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products to crash. This plugin only works with Tenable.ot. Please visit...
PT-2025-44234
Name of the Vulnerable Software and Affected Versions: WTW EAGLE for Windows version 3.0.8.0. Description: The installer for WTW EAGLE for Windows has a DLL search path issue that could allow for the insecure loading of Dynamic Link Libraries. This could potentially lead to the execution of arbitrar...
EUVD-2022-15630
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-25979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The URL parameters accepted by forum search were not limited to the allowed parameters. CVE-2024-25979 Note that Nessus relies on the presence of the package as...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from an uncontrolled element in the search process, allowing attackers to download the NPM package with conflicting data.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an uncontrollable element in the search process. Exploiting this vulnerability allows a malicious actor to download the NPM package containing conflicting data...
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab Community Edition and GitLab...
Young Entrepreneur E-Negosyo System SQL Injection Vulnerability
Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System for janobe individual developers. A security vulnerability exists in SourceCodester Young Entrepreneur E-Negosyo System version 1.0, which stems from an incorrect manipulation of the parameter search resulting in sql...
elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...
CVE-2022-0493 String Locator < 2.5.0 - Admin+ Arbitrary File Read
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be...
CVE-2021-34787
A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper...
UBUNTU-CVE-2019-3824
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service...
Multiple SQL Injection Vulnerabilities in Ocean CMS V6.48 Backend
Ocean Movie System (aka Ocean CMS, seacms) is a PHP movie system. SQL injection vulnerabilities exist in Ocean CMS V6.48 in the backend user search, the id parameter of the backend user edit page admin\adminmembers.php, the $id parameter of the backend page admin\adminmembersgroup.php, and $vfield in the page admin\admindatarelate.php. The...